BrowsePopularContact UsAbout Us

How To Check a User’s Password in Linux (And What You Can Actually See)

If you’re using Linux and wondering how to check the password of a user, the short answer is:
you cannot and should not see the actual password.

Linux is designed so that no one (not even the system administrator) can directly view user passwords in plain text. Instead, Linux stores hashed (mathematically scrambled) versions of passwords.

What you can do is:

  • Check whether a password is set
  • See how passwords are stored (hash type, last change date, expiry)
  • Verify that a user can authenticate (by testing)
  • Reset or change a password

This FAQ walks through how Linux handles passwords and what “checking a user’s password” really means in practice.

How Linux Stores User Passwords

On a typical Linux system, user account information is stored in:

  • /etc/passwd – basic account details
  • /etc/shadow – password hashes and password policy info

/etc/passwd: Basic account info

Run:

cat /etc/passwd

You’ll see lines like:

alice:x:1001:1001:Alice User:/home/alice:/bin/bash

The fields are:

  • aliceusername
  • x – indicates the actual password data is in /etc/shadow
  • 1001 – user ID (UID)
  • 1001 – group ID (GID)
  • Alice User – comment / full name
  • /home/alice – home directory
  • /bin/bash – login shell

There is no actual password here. That’s on purpose, for security.

/etc/shadow: Password hashes (root only)

To see password information, you need root (administrator) access:

sudo cat /etc/shadow

You’ll see lines like:

alice:$y$j9T$...long-hash...:19745:0:99999:7:::

The second field is the hashed password, not the plain text password. A hash is a one-way transformation:
you can check if a password matches a hash, but you cannot reliably turn the hash back into the original password.

Some special values you might see:

Value in password fieldMeaning
! or !* at startAccount locked (password login disabled)
*No valid password; often system accounts
Empty fieldNo password required (generally unsafe)

So, you can check whether a user has a password, and how it’s stored, but not what it is.

How To See If a User Has a Password (Without Seeing the Password)

You can’t read the password, but you can check the status of the password.

Method 1: Using passwd -S

For a quick status of a user’s password:

sudo passwd -S alice

Example output:

alice P 03/20/2025 0 99999 7 -1

Key parts:

  • P – user has a usable password
  • L – password is locked
  • NPno password set

This tells you whether a user can log in with a password, without revealing the password itself.

Method 2: Using chage -l

For more detail on password aging:

sudo chage -l alice

You might see:

Last password change : Mar 20, 2025 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7

This lets you check:

  • When the password was last changed
  • If/when it will expire
  • Whether the account is nearing expiry

Again, no actual password is visible.

How To Verify a User’s Password Works

Sometimes “check a password” really means “confirm that this password works for this user.”

Here are ways to do that cleanly.

Method 1: Try su to switch user

If you know the password and want to confirm it’s correct:

su - alice

You’ll be prompted:

Password:
  • If the password is correct, you’ll switch to the alice account.
  • If it’s wrong, you’ll see Authentication failure.

This doesn’t expose the password—it just tests it.

Method 2: Use ssh locally

If the user is allowed to use SSH:

ssh alice@localhost

Again you’ll be prompted for a password and can verify if it works. This is especially useful on servers that mainly use SSH for login.

How To Reset or Change a User’s Password

Sometimes “check” is really “fix a forgotten or broken password.”

Change your own password

As a user:

passwd

You’ll be asked for:

  1. Your current password
  2. A new password (twice, for confirmation)

Reset someone else’s password (as root)

If you’re the system administrator:

sudo passwd alice

You’ll be able to set a new password for alice without knowing the old one. You still never see their existing password.

Lock or unlock a user’s password

To lock an account (disable password login):

sudo passwd -l alice

To unlock:

sudo passwd -u alice

You can confirm the status with:

sudo passwd -S alice

Why You Can’t See Linux Passwords in Plain Text

Linux follows long-standing security best practices:

  • Passwords are stored as hashes, not plain text.
  • Hashes are often salted and use algorithms like SHA-512 or modern variants.
  • Even if someone steals /etc/shadow, they still have to crack each hash, which is intentionally slow and expensive.

Allowing direct viewing of passwords would:

  • Break user privacy
  • Make data breaches far worse
  • Violate compliance and security policies in most environments

So the system simply does not keep passwords in a reversible form.

Different Ways People Mean “Check a Password” in Linux

When someone says “check the password of a user,” they might mean different things. The details of your system shape what’s possible.

Common interpretations

What you might want to doWhat Linux actually lets you do
See the user’s current passwordNot possible by design
Confirm that a given password is correctTry su, ssh, or login
Verify that a password exists for an accountCheck /etc/shadow, passwd -S
Audit password policy and expiryUse chage -l, /etc/login.defs
Reset a forgotten passwordUse sudo passwd username
Check for weak or reused passwords as adminUse password auditing tools (without viewing passwords)

How your environment changes things

Several variables affect how you handle passwords:

  • Local vs. central authentication
    • Local /etc/shadow vs. directory services like LDAP, Active Directory, or FreeIPA
  • Authentication method
    • Passwords vs. SSH keys, smart cards, or single sign-on (SSO)
  • System role
    • Personal laptop vs. shared server vs. corporate environment
  • Security policies
    • Mandatory password rotation, complexity rules, locked-down access to /etc/shadow
  • Your permissions
    • Regular user vs. sudo/root vs. domain admin

On a single-user home system, you might work directly with passwd and /etc/shadow.
On a corporate server, password data might live in a central directory, and you manage access via completely different tools.

Typical Scenarios and What “Checking the Password” Looks Like

Depending on who you are and what system you’re on, “checking a password” plays out differently.

1. Home user on a personal Linux machine

  • You mostly care about your own account
  • You use passwd to change your password
  • You verify by logging out and back in, or using su to test

2. Sysadmin on a small server

  • You manage multiple local users
  • You:
    • Use sudo passwd username to reset passwords
    • Use passwd -S and chage -l to monitor status and expiry
    • Possibly lock unused accounts with passwd -l

3. Admin in a larger organization

  • Passwords may be managed centrally (LDAP/AD/FreeIPA)
  • You:
    • Rarely touch /etc/shadow directly
    • Use tools or management consoles for password resets and checks
    • Enforce policies like minimum length, expiry, and history

In all of these cases, the underlying rule is the same:
you never see the actual password, only its status and behavior.

The Missing Piece: Your Own Setup and Needs

The exact steps you should use to “check a user’s password” in Linux depend heavily on:

  • Whether authentication is local or centralized
  • Whether users log in with passwords, SSH keys, or SSO
  • Your role (regular user vs. admin)
  • Your system’s security policies and restrictions
  • Whether you need to verify, audit, or reset passwords

Once you map out how your particular Linux system handles authentication and what level of access you have, the right way to “check” a password—without ever seeing it—becomes much clearer.